cube-js/cube

Docker scan for V0.32 reported 4 critical vulnerabilities (75 in total) - SOC2 T2 assessment

Open

#6340 aperta il 23 mar 2023

Vedi su GitHub
 (3 commenti) (1 reazione) (1 assegnatario)Rust (1965 fork)batch import
help wantedsecurity

Metriche repository

Star
 (19.563 star)
Metriche merge PR
 (Merge medio 5g 16h) (138 PR mergiate in 30 g)

Descrizione

Describe the bug We are in the process of a SOC2 T2 audit. Part of the process is a vulnerability assessment of all images, and containers.

We ran a static scan on the latest (0.32) Docker image version. Based on the scans from Docker that latest version has 75 vulnerabilities, and 4 of those are critical. See image below.

Most likely, these vulnerabilities will have an impact on other organizations aldo running formal security audits. As per our SOC2, critical vulnerabilities have an SLA for resolution of 14 days.

This issue was communicated via Slack. @keydunov asked us to file this Github issue.

To Reproduce Open Docker Desktop and run scan

Screenshot 2023-03-23 at 9 51 23 AM

Version: V0.32.14

Guida contributor